Alicloud Security Cloudfw
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Alibaba Cloud Firewall management skill, but users should treat it carefully because it can use cloud credentials to make firewall changes.
Install only if you intend to let the agent help manage Alibaba Cloud Cloud Firewall. Use a dedicated least-privilege AccessKey, confirm the account, region, and resource IDs before any change, and review saved outputs under `output/alicloud-security-cloudfw/`.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with broad permissions, the agent could create or modify cloud firewall policies and resources as part of a requested task.
The skill explicitly supports mutating Alibaba Cloud Firewall resources. This is expected for the stated purpose, but firewall changes can affect production access and security posture.
Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
Use least-privilege Alibaba Cloud permissions, review planned mutations before execution, and verify results with describe/list APIs as the skill recommends.
The agent may use configured Alibaba Cloud credentials to act in the associated cloud account.
The skill instructs use of Alibaba Cloud credentials, including a local shared credentials file. This is purpose-aligned for Cloud Firewall management, but it is sensitive account authority and the registry metadata lists no primary credential.
Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET` / `ALICLOUD_REGION_ID` ... Shared config file: `~/.alibabacloud/credentials`
Provide a dedicated least-privilege credential limited to the needed Cloudfw operations and confirm which account, region, and resources will be affected.